Sony pleads innocent in latest rootkit fiasco

• Tags:
• Sony,
• Malware,
• Directory,
• Installation

Liam Tung ZDNet Australia

Published: 31 Aug 2007 09:11 BST

• 
• 
• 
• 
• 

Sony claims the rootkit-like behaviour of a device driver used to run its biometric Micro Vault USB drive was unintentional.

Sony Sweden representative Fredrik Fagerstedt told local press this week that sometimes even actions undertaken with "good will" can go wrong.

Fagerstedt's comments come the same day that antivirus firm McAfee joined the growing chorus of companies criticising Sony for compromising its customers' security.

McAfee reported that Taiwan's FineArt Technology, which makes encryption software for PCs and laptops, was responsible for creating the offending software.

McAfee's Aditya Kapoor and Seth Purdy wrote in a blog: "The authors apparently did not keep the security implications in mind" when designing the installation method.

Kapoor and Purdy catalogued the incident as one of the worst examples of "nasty rootkits that use blended techniques to hide or protect themselves".

Echoing F-Secure's Patrik Runald, the McAfee bloggers said the default installation path does nothing to stop malware authors from copying code to a directory of their choice and executing it in that location.

They added that another easy hack for malware authors would be to launch code from their chosen directory and add a start-up entry for the software to ensure it is hidden immediately on the PC's boot-up.

Sony Australia has not responded to multiple requests for comment.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed